Next Hop Resolution Protocol: The spoke routers are configured as clients and they have a physical and a logical (tunnel) IP address. When they are up they inform the Hub that these IP addresses will be used to create a tunnel between them. All the Spokes know the Hub’s IP (statically configured).

What are the characteristics of multipoint GRE?

GRE can transport many protocols (unicast, multicast…)

in hub-and-spoke topology the hub’s one interface can be in connection with all the spokes

an mGRE interface can form dynamically form GRE tunnels with NHRP(discovers the IP of the devices at the far end of the tunnel)

What do you need to support a DMVPN topology?

To support a DMVPN topology we need:

Multipoint GRE

Next Hop Resolution Protocol (NHRP)

IPSEC

What is DMVPN and what is it used for?

Dynamic Multipoint VPN allows VPN tunnels to be created and torn down between remote sites.

What is a GRE tunnel? How do you secure a tunnel? Why do we need GRE?

Generic Routing Encapsulation tunnel can encapsulate nearly all kind of data and send it to the target destination (like it was directly connected). GRE doesnt have security though for this VPN tunnel is used. We use GRE because VPN can only send unicast traffic.

What is a tunnel and what types of it do you know?

Its a virtual connection between 2 point while it hops multiple other point physically.

GRE ( Generic Multipoint Encapsulation )

DMVPN ( Dynamic Multipoint VPN )

Multipoint GRE

IPSec

What is the 2 types of MPLS? What is the difference?

L2 MPLS seems like a LAN for the included devices. Layer 2 messages can be transferred between them.

L3 MPLS: Routes learned from CE is advertised to PE (ie: with BGP).

What is MPLS?

Multiprotocol Label Switching is used by service provider though many large enterprises use it as the backbone of their network. MPLS makes forwarding decisions by labelling rather then IPs.

How does an NHRP query work?

An NHRP spoke sends a query to the HUB and asks for a specific tunnel’s physical address. The HUB checks its NHRP database and replies the physical address. After this a the spoke can create the tunnel.

What are the key features of IPSEC?

Confidental: The data is encrypted.

Integrated: The data is not modified while transfer (checksum, hash).

Authentication: The other side’s identity is checked.

Antireplay: The packets are unique (sequence numbers)

What protocol does IPSEC use to build Phase 1?

IKE

What happens in IKE Phase 1?

ISAKMP session is established. During this session IPSec endpoints establish transform sets, hash methods and other parameters needed to establish a secure ISAKMP session. The collection of these parameters are called Security Association (SA).